Welcome Guest [Log In] [Register]

Kia Ora
You are currently viewing our forum as a guest. This means you are limited to certain areas of the board and that there are some features you can't use or read.

We are an active community of worldwide senior members participating in chat, politics, travel, health, blogging, graphics, computer issues & help, book club, literature & poetry, finance discussions, recipe exchange and much more. Also, as a member you will be able to access member only sections, many features, send personal messages, make new friends, etc.

Registration is simple, fast and completely free. Why not register today and become a part of the group. Registration button at the very top left of the page.

Thank you for stopping by.

Join our community!

In case of difficulty, email worldwideseniors.org@gmail.com.
If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
US-CERT warns of HP LaserJet printer backdoor
Topic Started: Mar 13 2013, 02:29 PM (289 Views)
Deleted User Mar 13 2013, 02:29 PM Post #1
Deleted User
Quote:
 
US-CERT warns of HP LaserJet printer backdoor

Printer Security A number of HP LaserJet printers can be accessed through the network and unencrypted data can be read from them without authentication. The US-CERT has issued an advisory that warns users of these printers and is calling on them to update the printer's firmware with a fixed version.

In all, ten models of the LaserJet Pro series can be accessed via telnet without a password prompt. A debug shell is then started on that telnet port which gives access to the printer, allows for the disabling of SSL connections and showing passwords in plain text for the HP ePrint Cloud server connection. In an interview with online magazine CRN, Christoph von Wittich, who discovered the flaw while doing a routine scan of his company's network, explained that the flaw could also be used for a denial of service attack but, by default, the shell is not accessible from the internet and "should not cause much trouble for the end user".

HP's own advisory identifies HP LaserJet Pro P1102w, P1606dn, M1212nf MFP (Multi Function Printer), M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1219nf MFP and CP1025nw printers as affected by the problem and has issued firmware and installation instructions for that firmware to close the vulnerability.


http://www.h-online.com/security/news/item/US-CERT-warns-of-HP-LaserJet-printer-backdoor-1821334.html
Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · SOFTWARE & HARDWARE · Next Topic »
Add Reply